9 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. • https://gist.github.com/picar0jsu/a8e623639da34f36202ce5e436668de7 •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. Se presenta múltiples vulnerabilidades de tipo cross-site scripting (XSS) persistentes en la interfaz web de OpenText Content Server Versión 20.3. La aplicación permite a un atacante remoto introducir JavaScript arbitrario diseñando valores de formulario maliciosos que luego no son saneados • https://www.exploit-db.com/exploits/49578 https://www.opentext.com/products-and-solutions/products/enterprise-content-management/content-management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 no valida correctamente la entrada del comando RPC PUT_FILE, lo que permite que cualquier usuario autenticado secuestre un archivo arbitrario del sistema de archivos Content Server; debido a que algunos de los archivos del sistema de archivos son confidenciales, esto conduce a un escalado de privilegios. Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command which allows any authenticated user to hijack arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive this security flaw leads to privilege escalation. • https://www.exploit-db.com/exploits/43003 http://seclists.org/bugtraq/2017/Oct/19 http://www.securityfocus.com/bid/101639 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_content objects, which are queryable and "editable" (before release 7.2P02, any authenticated user was able to edit dmr_content objects; now any authenticated user may delete a dmr_content object and then create a new one with the old identifier) by authenticated users; this allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 contiene el siguiente fallo de diseño, que permite que un usuario autenticado gane privilegios de superuser: Content Server almacena información sobre archivos subidos en objetos dmr_content, los cuales son consultables y "editables" (antes de la distribución 7.2P02, cualquier usuario autenticado podía editar objetos dmr_content; ahora cualquier usuario autenticado puede borrar objetos dmr_content y, a continuación, crear uno nuevo con el antiguo identificador) por usuarios autenticados. Esto permite que cualquier usuario autenticado reemplace el contenido de objetos dmr_content sensibles (por ejemplo, contenido dmr_content relacionado con objetos dm_method objects) y obteniendo privilegios de superuser. Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user the ability to replace content of security-sensitive dmr_content objects (for example, dmr_content related to dm_method objects) and gain superuser privileges. • https://www.exploit-db.com/exploits/43004 http://seclists.org/bugtraq/2017/Oct/19 http://www.securityfocus.com/bid/101639 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives). When unpacking TAR archives, Content Server fails to verify the contents of an archive, which causes a path traversal vulnerability via symlinks. Because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. OpenText Documentum Content Server (anteriormente conocido como EMC Documentum Content Server) hasta la versión 7.3 contiene el siguiente fallo de diseño, que permite que un usuario autenticado gane privilegios de superuser: Content Server permite la subida de contenidos usando lotes (archivos TAR). Al desempaquetar archivos TAR, Content Server no puede verificar el contenido de un archivo, lo que provoca una vulnerabilidad de salto de directorio mediante vínculos simbólicos. • https://www.exploit-db.com/exploits/43002 http://seclists.org/bugtraq/2017/Oct/19 http://www.securityfocus.com/bid/101639 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •